The first high penalty for GDPR violation

The French regulator imposed 50 milion euro penalty on Google for GDPR violation. It’ the first high penalty for GDPR violation.

On January 21st, 2019, the National Commission for Informatics and Liberties pronounced a sanction of 50 million euros against the GOOGLE LLC for lack of transparency, unsatisfactory information and lack of valid consent for the personalization of advertisement.

On May 25th and 28th, 2018, the National Commission for Informatics and Freedoms received collective complaints from the association None Of Your Business (“NOYB”) and La Quadrature du Net (“LQDN”). LQDN was mandated by nearly 10,000 people to seize the CNIL. In these two complaints, the associations criticized GOOGLE for not having a valid legal basis to process the personal data of the users of its services, in particular for the purpose of personalization of advertising.

Interestingly, the penalty was imposed not in connection with data breach, but violations related to the profiling of advertisements served to users. More directly – it comes from insufficient information to users about how Google collects data that is further used to profile ads:

“The regulator said it judged that people were “not sufficiently informed” about how Google collected data to personalize advertising.”

Other sins include an automatically checked checkbox when registering an account – the one with the permission for personalized advertising or blurring information in the context of the user’s consent – to many different documents:

The regulator said, “Google has not obtained a clear consent to process because” essential information “was” disseminated across several documents “.

The full statement of National Commission of Informatics and Freedom can be find here.

GDPR stands for General Data Protection Regulation. It was implemented in May, 2018 and helps protect people’s privacy and control how companies process the information they collect. GDPR was implemented by the EU and affects nearly everyone across the world. If your website serves and collects data from EU citizens, you need to follow GDPR rules. Make sure that your website is GDPR Compliant with Ultimate GDPR Toolkit for WordPress

As a passionate group of professionals with a love for Web and mobile technologies, we have been successfully serving our clients for the past 15 years. Through these years we have continuously striven to create the best IT solutions our clients seek.

We work in multiple frameworks but we hold special feelings and are experts in Symfony, WordPress, React, Flutter, OXID, and Blockchain.

We are located in Warsaw, Poland, in the heart of Europe. Concentrated on delivering durable web solutions of high integrity, we do not always try to be the cheapest. However, thanks to our location you will be surprised how reasonable our prices are.

Fluent in English we offer services worldwide. Among others, in countries such as the U.S.A., Great Britain, Germany, Australia, Sweden and Poland.

The collected personal data administrator is createIT s.c. Borkowski Bartosz Fredrych Aleksander. Personal data provided by the contact form are collected only to contact you and answer your questions. The collected personal data is stored only for the period necessary to handle the sent notification.